List of UK government data losses

Last updated April 10, 2022

The following is a list of UK government data losses. It lists reported instances of the loss of personal data by UK central and local government, agencies, non-departmental public bodies, etc., whether directly or indirectly because of the actions of private-sector contractors. Such losses tend to receive widespread media coverage in the UK.

Date		Department	Number of records lost	Narrative
2017		Heathrow Airport	2.5GB / 76 folders	Lost unencrypted USB storage device containing complete security information for Heathrow airport including badges, maps, CCTV camera locations, etc.
2015		Ministry of Defence		British Army footage and photographs of Operation Motorman were found to be missing.
2014		Foreign Office		Records of Diego Garcia flights and the UK's role in the CIA rendition programme were destroyed by water damage.
2014		Home Office	114	Files linked to 1980s Westminster paedophile ring allegations were found to be missing. (See also: Westminster paedophile dossier.)
2013		Serious Fraud Office		Documents related to the investigation of BAE Systems were lost accidentally. The data amounted to 32,000 physical pages of text, 81 tapes of audio, and other electronic media.
2013	November	Suffolk County Council		An unencrypted USB memory stick was found containing information from the county’s adult and community services department. It had internal memos and copies of e-mails about forthcoming projects – and it also had tables containing the names of clients.
2013	July	NHS Greater Glasgow and Clyde	60	A folder containing patient records was found in a car park and handed in by a member of the public.
2012		Greater Manchester Police	over 1,000	An unencrypted USB stick containing details of witnesses with links to serious criminal investigations that was being kept in a police officer's house was stolen in a burglary. The force was fined £120,000.
2012		South London NHS Trust	600	Records on 600 maternity patients and their newborn children were lost by misplacing unencrypted USB sticks.
2012	May	NHS Surrey	3,000	Computer used by the NHS was sold on auction website eBay without being properly cleansed of patient records.
2012	February	Office for Nuclear Regulation (ONR)		A memory stick containing a safety assessment of a nuclear power plant in north-east England has been lost by an official. The unencrypted USB pen drive, containing a 'stress test' safety assessment of the Hartlepool plant.
2011	February	Powys County Council		A file containing details of a child protection case was leaked accidentally. The council was fined £130,000.
2010	September	Brighton General Hospital		Hard drives containing patient data were stolen.
2008	November	Department for Work and Pensions	n/a	USB memory stick, apparently encrypted and containing passwords for an old version of the Government Gateway, a website giving access to millions of records of personal data.
2008	October	Ministry of Defence	1,700,000	Hard drive being held by contractor EDS is found to be missing.
2008	September	Service Personnel and Veterans Agency	50,500	Three USB portable hard drives with details of staff are allegedly stolen from a high security facility at RAF Innsworth. The Agency holds records on 900,000 current and former personnel. Stolen records included sensitive information about the private lives of senior staff.
2008	September	National Offender Management Service	5,000	A hard drive containing details of 5,000 employees of the National Offender Management Service was lost by EDS.
2008	September	Insolvency Service	400	Names, addresses and bank details of up to 400 directors of 122 firms were lost when four laptops were stolen from a Manchester premises.
2008	September	Tees, Esk and Wear Valleys NHS Trust	200	Memory stick with details of patients found in a public park.
2008	August	Home Office	84,000	PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders.
2008	August	Colchester Hospital University NHS Foundation Trust	21,000	A manager's unencrypted laptop holding patient addresses and treatment details is stolen from his car whilst on holiday in Edinburgh
2008	January	Royal Navy	600,000	A Royal Navy officer's laptop was stolen that contained the details of 600,000 applicants and others who had expressed interest in joining the Armed Forces including both the Navy, Marines and Air Force.
2007	December	Department for Work and Pensions	45,000	West Yorkshire benefit claimants' in data lost.
2007	December	Department for Work and Pensions	000s	CDs with personal data found at the home of a former contractor.
2007	November	City and Hackney Teaching Primary Care Trust	160,000	"Heavily encrypted" disks containing details of children are lost by couriers. The loss prompted the agency to implement hard drive and USB memory stick encryption systems across all PCs.
2007	November	Foreign and Commonwealth Office	50,000	Details of visa applicants were made available on an FCO website.
2007	November	HM Revenue and Customs	25,000,000	Two CDs containing details of the families of child benefits claimants went missing in the post. HMRC's handling of data was described as "woefully inadequate" and staff were described as "muddling through" in a June 2008 Independent Police Complaints Commission report.
2007	July	Ministry of Justice	5,000	Hard disk with details of HM Prison Service staff is lost on the premises of EDS.
2007	May	Driving Standards Agency	3,000,000	Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors.
2007	May	Foreign and Commonwealth Office	50	Details of individuals made public after "unauthorised disclosure by a contractor"
1961		Foreign Office		Many of the most sensitive documents from the UK's colonial era were destroyed under the direction of Secretary of State for the Colonies Iain Macleod.

Related Research Articles

Insurance is a means of protection from financial loss. It is a form of risk management, primarily used to hedge against the risk of a contingent or uncertain loss.

The total number of military and civilian casualties in World War I was about 40 million: estimates range from around 15 to 22 million deaths and about 23 million wounded military personnel, ranking it among the deadliest conflicts in human history.

In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law or criminal law, or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements.

Business continuity planning Prevention and recovery from threats that might affect a company

Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.

In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.

Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been statutorily defined throughout both the U.K. and the United States as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's disadvantages or loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.

World War II was the deadliest military conflict in history. An estimated total of 70–85 million people perished, or about 3% of the 2.3 billion (est.) people on Earth in 1940. Deaths directly caused by the war are estimated at 50–56 million, with an additional estimated 19–28 million deaths from war-related disease and famine. Civilian deaths totaled 50–55 million. Military deaths from all causes totaled 21–25 million, including deaths in captivity of about 5 million prisoners of war. More than half of the total number of casualties are accounted for by the dead of the Republic of China and of the Soviet Union. The tables below give a detailed country-by-country count of human losses. Statistics on the number of military wounded are included whenever available.

The Office for National Statistics is the executive office of the UK Statistics Authority, a non-ministerial department which reports directly to the UK Parliament.

Cannock Chase (UK Parliament constituency) Parliamentary constituency in the United Kingdom, 1997 onwards

Cannock Chase is a constituency represented in the House of Commons of the UK Parliament since 2015 by Amanda Milling of the Conservative Party. She is currently serving as the Minister for Asia in the Foreign, Commonwealth and Development Office.

Henley (UK Parliament constituency) Parliamentary constituency in the United Kingdom, 1885 onwards

Henley is a constituency in Oxfordshire represented in the House of Commons of the UK Parliament since 2008 by John Howell, a member of the Conservative Party. He was elected in a by-election following the resignation of Boris Johnson, who had taken office as Mayor of London. The constituency was established for the 1885 general election.

Uxbridge (UK Parliament constituency) Parliamentary constituency in the United Kingdom, 1885–2010

Uxbridge was a seat returning one Member of Parliament (MP) of the House of Commons of the UK Parliament from 1885 to 2010. Its MPs elected were: Conservative Party candidates for 107 years and Labour Party candidates for 18 years. The closing 40 years of the seat's history saw Conservative victory — in 1997 on a very marginal majority in relative terms.

NEC Software Solutions, formerly Northgate Public Services, is a provider of specialist software and outsourcing services for the public sector and is based in the United Kingdom. This followed its acquisition by NEC Corporation in January 2018.

Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.

Data loss prevention (DLP) software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.

The National Biodiversity Network (UK) (NBN) is a collaborative venture set up in 2000 in the United Kingdom committed to making biodiversity information available through various media, including on the internet via the NBN Atlas—the data search website of the NBN.

Data breach Intentional or unintentional release of secure information

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage, and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

The loss of United Kingdom child benefit data was a data breach incident in October 2007, when two computer discs owned by Her Majesty's Revenue and Customs containing data relating to child benefit went missing. The incident was announced by the Chancellor of the Exchequer, Alistair Darling, on 20 November 2007. The two discs contained the personal details of all families in the United Kingdom (UK) claiming child benefit, of which takeup in the UK is near 100%.

The European recession is part of the Great Recession, which began inside the United States. The crisis spread to Europe rapidly and affected much of the region with several countries already in recession as of February 2009, and most others suffering marked economic setbacks. The global recession was first seen in Europe, as Ireland was the first country to fall in a recession from Q2-Q3 2007 – followed by temporary growth in Q4 2007 – and then a two-year-long recession.

A census of the population of the United Kingdom is taken every ten years. The 2011 census was held in all countries of the UK on 27 March 2011. It was the first UK census which could be completed online via the Internet. The Office for National Statistics (ONS) is responsible for the census in England and Wales, the General Register Office for Scotland (GROS) is responsible for the census in Scotland, and the Northern Ireland Statistics and Research Agency (NISRA) is responsible for the census in Northern Ireland.

Test, Trace, Protect is a government-funded service in Wales, first published on 13 May 2020 by the Welsh Government to track and help prevent the spread of COVID-19. Its aim is to "enhance health surveillance in the community, undertake effective and extensive contact tracing, and support people to self-isolate".

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.